Letters to the Editor: Cloudy Forecast

CLOUDY FORECAST

Regarding “Head in the Clouds,” April, about moving applications online: I think it’s too scary and I’m not putting my stuff (and my clients’) into the cloud. The mere thought of what happens to it if there’s a billing software error or other snafu makes me shudder. To have phones or elevators to my office interrupted is predictable and bad enough, but losing access to files?

I also freely admit that I felt exactly that way about the unacceptably risky prospect of switching from DOS with keyboard shortcuts to Windows with a mouse in the 1980s, and switching from freestanding to Internet-connected in the 1990s.

I have to conclude that I shouldn’t even try to predict what I’ll believe about the cloud in a few years.

Andrew Mead von Salis
Brooklyn, N.Y.

There is sometimes an implicit assumption that having data within the walls of a law firm is somehow more secure than hosting the data in a data center (as many Am Law 200 firms do) or in the cloud, as a few firms do.

Ask yourself these questions: Is there someone dedicated full time to the security of your data? Do you have intrusion detection systems that will alert security personnel? Do you have systems that will isolate the effect of an intrusion to just one or two subnets rather than have it take down your network and expose all your data? For most firms hosting their own data, the answers are no, no and no. Any firm’s data is exposed day in and day out to malware, hackers, even espionage. But few firms are more prepared to deal with those threats than the companies that offer cloud computing services.

The fact is that in many cases a move to the cloud is a move toward more security rather than less.

John Alber
St. Louis

I do information technology work on top of my legal work. In your article, David Navetta is right about the main loss law firms face. Control is important. For example, what if an opposing party attempts to subpoena records from the cloud provider? How will they respond? Do they have a written policy on such responses? Is it in their contract?

Google Apps for Business does have a clear policy. Two law-specific companies I contacted on behalf of a client had less clarity.

Control also comes into play in regard to access. Smaller firms don’t always have the most reliable internet access. One client of mine had DSL out in a rural area. Every time a thunderstorm rolled through (and we get more than a few in Georgia, typically) his Internet went down. A cloud-based solution without reliable, always-on Internet connections won’t work for many.

Even so, I do think more people will be moving to the cloud. And some services should already be in the cloud. Frankly, a small law firm running their own Microsoft Exchange Server might be doing the equivalent of malpractice unless they have someone very competent at cybersecurity hardening the email server against attacks. I can tell you most firms don’t have access to these people; but cloud-based Exchange and other email solutions do.

Confidentiality concerns over cloud or outsourced information technology are not well-articulated and likely moot. You don’t have a confidentiality issue if you disclose client information to an employee working for you. Similarly, a private investigator helping you with a case still falls under your confidentiality umbrella even though he is an independent contractor.

Ask yourself this: Are there really judges where you practice who would allow opposing counsel to dig through your records by subpoenaing your IT provider? I very much doubt that. Even if such records were inadvertently collected by opposing counsel, it is highly likely a judge would preclude them from use in the courtroom.

I’ve seen or heard about so many insecure data repositories at law firms it’s quite frankly scary. To sum it all up, if lawyers had to comply with regulations similar to HIPAA, a lot of firms would be failing miserably.

John William Nelson
Atlanta

ATTACK BACK

Regarding “Staking Your Reputation,” April, we have had several clients defamed anonymously online. The law should give our clients a spray can to paint over the anonymous posts like graffiti on a bathroom wall.

Julie TennysonPaducah, Ky.

I have had the opportunity to transition from being an attorney to doing business development and brand management. Controlling your brand and ultimately dominating the first page of Google has become a business in itself.

For those not looking to outsource to a brand/reputation management company, there are a few easy things you can do to control the first page. For example, register your business with Google Places and create a Facebook business page. This will take minutes to do and can be very effective. You don’t have to enjoy or even like social media and blogging to recognize that it’s important to manage your brand online.

Preston Clark
New York City

AWARENESS WILL WIN

School districts understand that our younger generation is much more open, communicative and socially active than our mature adult generation. They also understand that wearing armbands to raise breast awareness will be fodder for young minds and will start many conversations about breast cancer and breasts. But they do not want this conversation to take place in school. They clearly want to suppress this conversation in school.

Whichever way the case goes, the school will ultimately lose. If the court decides that the armband ban is not a violation of the students’ free speech, the students will likely continue the conversation at school, with ever more zeal—even without the armbands! Facebook, Twitter and other instant communication tools that our young students have at their disposal are very powerful in their ability to mobilize young minds to raise awareness about issues that are worthy of discussion.